Brilliant Trojan Idea that we aren't immune to

Andy Choens gunksta at gmail.com
Mon May 30 01:14:23 UTC 2005


I've been using Linux for years.  In that time I've never seen
anything that gave me the willies as much as this little joy does. 
I'm sure everyone here knows/understand why Linux is such a hard nut
to crack for Virus writers....os I won't waste your time with yet
another run through.

But, here's this new toy I read about.  This thing I saw on the BBC
currently attacks windows, but could be pretty easily reconfigured to
attack us just as easily.  IE downloads and runs it (loud round of
applause for IE please).  It installed encryption software on your
computer and then encrypts all of your data....you know the stuff in
your My Documents Folder!  It leaves you with nothing but a big
encrypted mess, and a text file explaining how to get your !@#$% back.
 It's a freakin' ransom note!  This is absolutely brilliant.  Here's
why I think we shouldn't laugh too much.  True, it can't install
encryption software on a Linux computer because it wouldn't have the
right privileges for it, but think how many of us already have that
software installed on our computers!  I certainly do.....many of you
do as well.  Heck....the more paranoid you are, the more likely you
are to have it installed!

Next step, if someone can find a buffer over-run in a graphics library
somewhere or some other cute buffer over-run and then slip a carefully
made graphic, or whatever into the website, to run a simple script,
we'd get hit just as hard.  I think we would fix the hole a lot faster
than M$, but I see this as being the first idea of it's kind that
could potentially target Linux easily.  Heck, the phishing
opportunities here are endless.    I also like the logic here.  It's
simple.  It's effective, and it targets what we care about most....our
data.  I don't really give 2 hoots about my OS...but touch my data and
I get angry.

Wow, this would piss me off to no end.  I think I'm going to get more
anal about my weekly back-ups.

--andy




More information about the ubuntu-users mailing list